Heroku today launched a bug bounty program in conjunction with Bugcrowd. Rewards range between $100 and $1,500, with the amount being completely based on the severity of the vulnerability. If a security researcher shows interest in donating their bounty to a recognized charity, Heroku promises to match it dollar-for-dollar.

Customer apps are out of scope for the bounty, but Heroku promises to pass information along if security researchers inform the company anyway. “Working with security researchers to ensure the trustworthiness of Heroku’s platform is an ongoing effort of ours,” the company says.

Until now, Heroku has merely listed security researchers who report bugs to the company on its Hall of Fame. It will continue to provide this public recognition and thanks, in addition to financial incentives.